Microsoft Defender for Office 365

In 2022, Purdue University began piloting Microsoft’s Defender for Office (MDO) email security service. This page provides information about what MDO is and how it may impact you going forward.

What is Microsoft Defender for Office 365 (MDO)?  

Microsoft Defender for Office 365 is a security email service that protects Purdue University accounts from malicious phishing campaigns, marketing spam, malware, and more. Using Microsoft’s machine learning and Artificial Intelligence (AI), MDO will provide greater email security and protect you from the latest email threats. For more details, please see the video below:


How to get started with MDO: 

Unlike the Cisco Spam Filter, MDO allows each user to directly modify and fine tune their own email experience.

Malicious emails

Any email believed to be "malicious" - meaning email believed to be phishing or another threat - is placed in a security quarantine. You will be emailed a daily quarantine report notifying you of messages delivered to your quarantine. You should check these reports regularly to ensure that legitimate emails were not marked malicious. See the "How to Release Legitimate Email from Quarantine" section below for more details.

Spam emails 

Spam emails - meaning unsolicited advertisements, newsletters, or other messages sent in bulk will be sent to your Junk folder within Office 365. If you receive spam email to your inbox, you can block these emails in the future by adding that sender or domain to your Blocked Senders list. See the "How do I whitelist/blacklist emails within MDO?" FAQ for more details.

Graymail emails

Missing emails

If you have not received an expected email, check both your junk folder and the quarantine report to see if the email was identified incorrectly. See "How to fine tune Safe/Block Senders list" FAQ for more details.

How to Release Legitimate Email from Quarantine

To release falsely held emails from quarantine, simply open a web browser and navigate to or you can click the "Review" button in the daily quarantine report that you receive in your inbox. Once there, sign into MDO using your Purdue career account and password (Doing so will result in a prompt for Microsoft's Multi-Factor Authentication). Once signed in, you can then select the messages that you wish to release and click the "release" option. Note: It may take up to 5 minutes for the released email to appear in your inbox after performing this action. 

If you need additional instructions, they can be found in the video below:

Frequently asked questions

How to fine tune Safe/Block Senders list

Exchange Online's Safe/Block Senders list allows each user to directly modify and fine tune their own email experience as seen below.

How to modify email experience.
Condition Recommendation Detail
Approved senders/domains being sent to junk Add sender/domain to safe senders Adding the sender/domain to safe senders ensures proper delivery to the inbox
Spam being sent to inbox Add sender/domain to block senders

Adding sender/domain to block senders ensures delivery of spam to junk

Email incorrectly sent to quarantine Click “Report to Microsoft” button

Clicking “Report to Microsoft” allows MDO to adjust its machine learning engine for your mailbox. This may take several iterations of email delivery to fine tune. 
How do I whitelist/blacklist emails within MDO?

MDO retains both a whitelist and blacklist in the form of Exchange Online's Safe/Block Senders lists. Emails or domains entered into the Safe Senders list are able to bypass certain scanning mechanisms such as anti-spam and anti-spoofing engines. NOTE: Any emails convicted due to potential malware or phishing do NOT honor the Safe Senders list.

Emails or domains entered into the Block Senders list will be immediately sent to the Junk folder.

Is there a limit to Safe/Block Senders?
Why do I have to "Request Release" an email?
Email classified as malicious with high confidence will require an administrative approval prior to releasing the email. You will need to click the “Request Release” button to notify our Security Operations Center to review your request and approve it if the detection is considered a false positive. If you have specific questions about your release request, please email
What happened to the previous Cisco Quarantine system?
MDO is replacing the previous Cisco Quarantine system. Cisco Ironport will no longer be implemented for users with MDO.
What happens when I use the Report Message button?

When you report a message in your inbox as junk/phishing, it will add that specific email address to your personal blocked list.

NOTE: If you desire to block all messages from a specific domain, you can do that in the Settings menu.

If you report a message as not junk from the Junk Email folder, MDO will make sure you receive emails from this specific email address more often.

What are email headers?
An email header provides a list of technical details about the message, such as who sent it, the software used to compose it, and the email servers that it passed through on its way to the recipient. For more details on how to retrieve your email headers, please see the documentation below: 
What do the different reporting options in the Report Message button do?

Junk / Phishing – choosing these options will move the message from your Inbox to your Junk Email folder; a copy of the message may be sent to Microsoft to help update spam/phishing filters.

Not Junk – choosing this option when a message has incorrectly been sent to the Junk Email folder will move the message back to your Inbox and update Microsoft to make sure you receive messages from this address in the future.

Options – allows you to choose whether messages are automatically sent to Microsoft when they’re reported as junk or phishing attempt.

What are Safe Links?

Safe Links is a feature in Defender for Office 365 that provides URL scanning and rewriting of inbound email messages in mail flow, and time-of-click verification of URLs and links in email messages and other locations. Safe Links scanning occurs in addition to the regular anti-spam and anti-malware in inbound email messages in Exchange Online Protection (EOP). Safe Links scanning can help protect your organization from malicious links that are used in phishing and other attacks.